providers/proxy: always set rd param in addition to session to prevent wrong url in session
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
83d435bd3b
commit
744f250d05
|
@ -42,8 +42,11 @@ func (a *Application) redirectToStart(rw http.ResponseWriter, r *http.Request) {
|
||||||
a.log.WithError(err).Warning("failed to save session before redirect")
|
a.log.WithError(err).Warning("failed to save session before redirect")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
urlArgs := url.Values{
|
||||||
|
"rd": []string{redirectUrl},
|
||||||
|
}
|
||||||
authUrl := urlJoin(a.proxyConfig.ExternalHost, "/outpost.goauthentik.io/start")
|
authUrl := urlJoin(a.proxyConfig.ExternalHost, "/outpost.goauthentik.io/start")
|
||||||
http.Redirect(rw, r, authUrl, http.StatusFound)
|
http.Redirect(rw, r, authUrl+"?"+urlArgs.Encode(), http.StatusFound)
|
||||||
}
|
}
|
||||||
|
|
||||||
// getClaims Get claims which are currently in session
|
// getClaims Get claims which are currently in session
|
||||||
|
|
|
@ -21,7 +21,7 @@ func TestRedirectToStart_Proxy(t *testing.T) {
|
||||||
|
|
||||||
assert.Equal(t, http.StatusFound, rr.Code)
|
assert.Equal(t, http.StatusFound, rr.Code)
|
||||||
loc, _ := rr.Result().Location()
|
loc, _ := rr.Result().Location()
|
||||||
assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start", loc.String())
|
assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start?rd=https%3A%2F%2Ftest.goauthentik.io%2Ffoo%2Fbar%2Fbaz", loc.String())
|
||||||
|
|
||||||
s, _ := a.sessions.Get(req, constants.SeesionName)
|
s, _ := a.sessions.Get(req, constants.SeesionName)
|
||||||
assert.Equal(t, "https://test.goauthentik.io/foo/bar/baz", s.Values[constants.SessionRedirect])
|
assert.Equal(t, "https://test.goauthentik.io/foo/bar/baz", s.Values[constants.SessionRedirect])
|
||||||
|
@ -38,7 +38,7 @@ func TestRedirectToStart_Forward(t *testing.T) {
|
||||||
|
|
||||||
assert.Equal(t, http.StatusFound, rr.Code)
|
assert.Equal(t, http.StatusFound, rr.Code)
|
||||||
loc, _ := rr.Result().Location()
|
loc, _ := rr.Result().Location()
|
||||||
assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start", loc.String())
|
assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start?rd=https%3A%2F%2Ftest.goauthentik.io%2Ffoo%2Fbar%2Fbaz", loc.String())
|
||||||
|
|
||||||
s, _ := a.sessions.Get(req, constants.SeesionName)
|
s, _ := a.sessions.Get(req, constants.SeesionName)
|
||||||
assert.Equal(t, "https://test.goauthentik.io/foo/bar/baz", s.Values[constants.SessionRedirect])
|
assert.Equal(t, "https://test.goauthentik.io/foo/bar/baz", s.Values[constants.SessionRedirect])
|
||||||
|
@ -56,7 +56,7 @@ func TestRedirectToStart_Forward_Domain_Invalid(t *testing.T) {
|
||||||
|
|
||||||
assert.Equal(t, http.StatusFound, rr.Code)
|
assert.Equal(t, http.StatusFound, rr.Code)
|
||||||
loc, _ := rr.Result().Location()
|
loc, _ := rr.Result().Location()
|
||||||
assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start", loc.String())
|
assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start?rd=https%3A%2F%2Ftest.goauthentik.io", loc.String())
|
||||||
|
|
||||||
s, _ := a.sessions.Get(req, constants.SeesionName)
|
s, _ := a.sessions.Get(req, constants.SeesionName)
|
||||||
assert.Equal(t, "https://test.goauthentik.io", s.Values[constants.SessionRedirect])
|
assert.Equal(t, "https://test.goauthentik.io", s.Values[constants.SessionRedirect])
|
||||||
|
@ -74,7 +74,7 @@ func TestRedirectToStart_Forward_Domain(t *testing.T) {
|
||||||
|
|
||||||
assert.Equal(t, http.StatusFound, rr.Code)
|
assert.Equal(t, http.StatusFound, rr.Code)
|
||||||
loc, _ := rr.Result().Location()
|
loc, _ := rr.Result().Location()
|
||||||
assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start", loc.String())
|
assert.Equal(t, "https://test.goauthentik.io/outpost.goauthentik.io/start?rd=https%3A%2F%2Ftest.goauthentik.io", loc.String())
|
||||||
|
|
||||||
s, _ := a.sessions.Get(req, constants.SeesionName)
|
s, _ := a.sessions.Get(req, constants.SeesionName)
|
||||||
assert.Equal(t, "https://test.goauthentik.io", s.Values[constants.SessionRedirect])
|
assert.Equal(t, "https://test.goauthentik.io", s.Values[constants.SessionRedirect])
|
||||||
|
|
Reference in a new issue